<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/**
 *
 * @author vitalify
 *
 */
class Welcome extends UnitTestController {

	// validation
	// xss => htmlentities for all params

	// sql injection => $this->db->escape_str($val)
	// coding style
	// comment logic method
	// write log logic
	// unit test
	// report unit test

	public function index() {
		$this->load->Model('Template');
		$this->load->library('webserviceresponse');


		$res = $this->Template->validFields(' id , name ');
		//var_dump( json_encode( $res) );

		$tests = $this->Template->get(array('id >' => '0'));

		$response = array('code' => 100, 'message' => 'title', 'data' => $tests);
		$stringXml = $this->webserviceresponse->responseString($response, 'json');
		return $this->load->view('json', array('string' => $stringXml));

	}

	public function test() {

		$_POST['email'] = '';
		$_POST['pws'] = '123';

		$this->load->library('../controller/home');
		$this->home->insert();
	}

	public function xss() {
		$this->load->database(ACTIVE_GROUP);

		$_POST['filename'] = '<script>alert(1);</script>';
		echo ($this->input->post('filename'));
		$clear_xss =  htmlentities($_POST['filename']);
		echo html_entity_decode($clear_xss);
		echo $clear_xss;
		die;
// 		echo '<pre>';
// 		print_r($_POST['filename']);
// 		echo '</pre>';

		if ($this->security->xss_clean($_POST['filename'], TRUE) === FALSE)
		{
			// file failed the XSS test
			echo 'is xss<br/>';
			echo htmlentities($_POST['filename']);
		}

		$filename = $this->security->sanitize_filename($this->input->post('filename'));
		echo '<pre>';
		print_r($filename);
		echo '</pre>';

		$data = $this->security->xss_clean($_POST['filename']);
		echo '<pre>';
		print_r($data);
		echo '</pre>';
	}






}// end class Welcome
